REMARKS

The Examiner has rejected Claims 1-6, 10-17 and 21-23 under 35 U.S.C. 103(a) as 
being unpatentable over Wiegel (U.S. Patent No.: 6,484,261), in view of Bal et al. (U.S. 
Patent No.: 6,691,168). Moreover, the Examiner has rejected Claims 7-9 and 18-20 under 35 
U.S.C. 103(a) as being unpatentable over Wiegel (U.S. Patent No.: 6,484,261), in view of Bal 
et al. (U.S. Patent No.: 6,691,168), and further in view of Engel et al. (U.S. Patent No.: 
6,519,636). 

Applicant respectfully disagrees with such rejections, especially in view of the 
amendments made hereinabove. Specifically, applicant has amended all of the independent 
claims to include the subject matter of Claims 7-9 et al., in the interest of expediting the 
prosecution of the present application. 

In the latest Office Action, the Examiner has relied upon the following excerpt from 
Engel to meet applicant's claimed "wherein the rule sets are combined into a single rule set, 
and duplicate policy rules of the rule sets are removed ... wherein a user is notified of 
conflicting policy rules of the rule sets" (see all independent claims). 

"FIG. 5A describes the processing of an add rule event. An add rule 
event 440 carries control and flow parameters to create a new rule as 
described in 350 of FIG. 3. Step 511 searches for a rule with 
identical flow parameters. If the search was successful (branch true 
of 512) then an error is returned 513, as duplicates are not allowed 
(instead, if a rule for a flow needs to be changed the modify rule 
trigger 441 has to be used). If the rule has a different set of flow 
parameters from all other rules (branch false of 512), it is added to 
the database in 514. Note that it is possible that two rules with 
different flow parameters match for the same socket (because of the 
use of wildcards). In this case, the better matching rule takes 
precedence and is associated with the socket. This is described in 
the following." (col. 13, lines 5-19) 

Specifically, the Examiner argues that "Engel discloses rules are modified when 
duplicate rules is found and need to be changed." First, such statement is simply not true. 
When a duplicate is found, an error is simply given (see operation 513). There is no 
"removal," as claimed by applicant. Further, there is no disclosure, teaching or suggestion of 
combining "rule sets" as claimed by applicant. Still yet, there is no discussion of a 
notification of "conflicting policy rules of the rule sets," as claimed. 

It appears that the Examiner is simply not taking into consideration the full weight of 
applicant's claims. A specific showing of each of applicant's claim limitations, or a notice of 
allowance is respectfully requested. 

To establish a prima facie case of obviousness, three basic criteria must be met. First, 
there must be some suggestion or motivation, either in the references themselves or in the 
knowledge generally available to one of ordinary skill in the art, to modify the reference or to 
combine reference teachings. Second, there must be a reasonable expectation of success. 
Finally, the prior art reference (or references when combined) must teach or suggest all the 
claim limitations. The teaching or suggestion to make the claimed combination and the 
reasonable expectation of success must both be found in the prior art and not based on 
applicant's disclosure. In re Vaeck, 941 F.2d 488, 20 USPQ2d 1438 (Fed. Cir. 1991). 

Applicant respectfully asserts that at least the third element of the prima facie case of 
obviousness has not been met, for the reasons set forth hereinabove. 

Applicant further notes numerous deficiencies in the application of applicant's 
dependent claims to the prior art. For example, the Examiner has relied upon col. 9, lines 25-34 
and col. 18, lines 1-40 from Wiegel to meet applicant's claimed "wherein an action 
relating to the identified network objects is permitted if no policy rules deny the action, at 
least one policy rule conditionally denies the action, and at least one policy rule permits the 
action" (see Claim 3 et al.) and "wherein the policy rules denying the action are evaluated 
first, the policy rules conditionally denying the action are evaluated second, and the policy 
rules permitting the action are evaluated third" (see Claim 4 et al.). 

The subject matter of Claim 3 et al. is embodied in the following excerpt from Fig. 3 
of the originally filed specification. 

Fig. 3 

Simply nowhere in Wiegel is there such specifically claimed logic. 

Further, with respect to the subject matter of Claim 4 et al., simply nowhere in Wiegel 
is there any sort of specific order in which policy rules are evaluated, namely "the policy 
rules denying the action are evaluated first, the policy rules conditionally denying the action 
are evaluated second, and the policy rules permitting the action are evaluated third," as 
claimed. 

A specific showing of each of applicant's claim limitations, or a notice of allowance 
is respectfully requested. 

Finally, applicant brings to the Examiner's attention new Claim 34 which requires 
"wherein a graphical user interface is provided for providing an option to a user to apply both 
an AND operation and an OR operation to selected network objects." Further, new Claim 35 
requires "a first graphical user interface that allows a user to associate the network objects 
with the rule sets, a second graphical user interface that allows the user to create associations 
of the rule sets and the network objects for a firewall, a third graphical user interface that is 
displayed upon selection of a network object, a fourth graphical user interface for creating 
and editing the rule sets, a fifth graphical user interface for configuring a new policy rule for 
being added to one of the rule sets, a sixth graphical user interface for adding a new network 
object, and a seventh graphical user interface for editing one of the network objects." 

An allowance is respectfully requested. 

In the event a telephone conversation would expedite the prosecution of this 
application, the Examiner may reach the undersigned at (408) 505-5100. For payment of the 
fees due in connection with the filing of this paper, the Commissioner is authorized to charge 
such fees to Deposit Account No. 50-1351 (Order No. NAI1P007_00.045.01). 



P.O. Box 721120 

San Jose, CA 95172-1120 

Telephone: (408) 505-5100 